From your original mail, I got the impression that you had no "issues" with NaviServer either, but you are wondering why OpenSSL 3.* is not "picked up automatically" and still linked against OpenSSL 1.*. Since there are many differences between OpenSSL 1.* and 3.* [1], many distributors do not replace the 1.* version upon installation of OpenSSL 3.*, but they install it side by side, simply to avoid problems (there are many API changes, see e.g. [2,3]). So, not all software compiled against the include files of OpenSSL 1.* will work out of the box with OpenSSL 3.*.

Coming to my questions of the last mail:
- against which library is your nsd linked?
- have you reconfigured and recompiled naviserver?

Let me know if I can be of any further help.

-g

[1] https://www.openssl.org/docs/man3.0/man7/migration_guide.html
[2] https://packages.debian.org/bullseye/amd64/libssl1.1/filelist
[3] https://packages.debian.org/bookworm/amd64/libssl3/filelist

On 07.11.22 14:52, THORPE MAYES via naviserver-devel wrote:
Hi Gustaf,

Thank you for your response and the information.

I did not have any issues with previous OpenSSL updates, although I had not installed 3.x versions.

Best regards.

Thorpe

Thorpe Mayes
(512) 394-8766

On 6 Nov 2022, at 11:34, Gustaf Neumann <neum...@wu.ac.at> wrote:
 Dear Thorpe,

it looks like you have now two versions of openssl installed on your system, since the output "1.0.2k-fips" comes straight from the library. So, if you see this string, the library is still there.

One can check the version used during linkage via

    ldd /usr/local/ns/bin/nsd

When upgrading to OpenSSL 3.*, it is recommended to recompile NaviServer (make clean, configure ..., make, make install) such that NaviServer can use the newer library calls. When the path to the openssl library is not specified explicitly, configure uses "pkg-config --libs openssl" to determine the path to the library.

all the best

-g

PS Btw, OpenACS.org runs with OpenSSL 3.2.0-dev

On 06.11.22 13:47, THORPE MAYES via naviserver-devel wrote:
Hi,

I updated OpenSSL on my server to version 3.0.7.

Prior to updating, openssl version -a showed:

OpenSSL 1.0.2k-fips  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  rdrand dynamic

After updating, openssl version -a showed:

OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
built on: Sat Nov  5 14:56:48 2022 UTC
platform: linux-x86_64
options:  bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG
OPENSSLDIR: "/etc/ssl"
ENGINESDIR: "/etc/ssl/lib64/engines-3"
MODULESDIR: "/etc/ssl/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfffa3203478bffff:0x7a9

When I restart naviserver I see this in the log file:

Notice: OpenSSL OpenSSL 1.0.2k-fips  26 Jan 2017 initialized


That is the previous version of OpenSSL on the server.

What do I need to change in order for naviserver to use the current version of OpenSSL? Or, does it matter?

When I updated to naviserver version 4.99.24 my configuration was:
./configure --prefix=/usr/local/ns --with-tcl=/usr/local/ns/lib --enable-symbols


Thorpe
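
The check discussed in this thread (what `ldd` shows for the server binary versus the OpenSSL version that is installed), written out as an added example; it is not part of the original mails or of NaviServer. The function names, the soname-to-series mapping and the sample `ldd` lines are assumptions constructed for illustration.

```shell
# Map a version string ("3.0.7", "1.0.2k") or a libssl/libcrypto soname
# to its OpenSSL release series.
series() {
    case "$1" in
        3.*|lib*.so.3)                  echo 3 ;;
        1.1.*|lib*.so.1.1)              echo 1.1 ;;
        1.0.*|lib*.so.1.0.0|lib*.so.10) echo 1.0 ;;  # .so.10: RHEL/CentOS naming
        *)                              echo unknown ;;
    esac
}

# stdin: ldd output; stdout: "soname path series" for each OpenSSL library.
linked_openssl() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ { print $1, ($2 == "=>" ? $3 : "-") }' |
    while read -r soname path; do
        echo "$soname $path $(series "$soname")"
    done
}

# $1: installed OpenSSL version; stdin: ldd output.
# Returns 0 if all linked libraries match, 1 on mismatch, 2 if none are linked.
check_link() {
    want=$(series "$1")
    libs=$(linked_openssl)
    [ -n "$libs" ] || { echo "no dynamic libssl/libcrypto dependency"; return 2; }
    status=0
    while read -r soname path got; do
        if [ "$got" = "$want" ]; then
            echo "OK       $soname ($path) matches installed OpenSSL $1"
        else
            echo "MISMATCH $soname ($path) is series $got, installed is $1"
            status=1
        fi
    done <<EOF
$libs
EOF
    return "$status"
}

# Constructed sample: ldd lines of a binary still linked against OpenSSL 1.0.x.
SAMPLE_LDD='    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000001000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000002000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000003000)'

if [ -n "${1:-}" ]; then   # real use: pass the binary, e.g. /usr/local/ns/bin/nsd
    ldd "$1" | check_link "$(pkg-config --modversion openssl)"
else                       # no argument: run on the constructed sample
    printf '%s\n' "$SAMPLE_LDD" | check_link 3.0.7 || true
fi
```

A mismatch means the running server still loads the old library, whatever `openssl version` prints; a return code of 2 means the binary has no dynamic OpenSSL dependency, so `ldd` cannot answer the question.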